krb5_rd_req: Wrong principal in request while reading request

Donn Cave donn at drizzle.com
Thu Jul 25 00:42:45 EDT 2002


Quoth Thomas.Huang at jpl.nasa.gov (Thomas Huang):
| I am trying to setup a kerberorized service (using kerberos 5 v1.2.2) 
| on a Solaris 7 machine.  When trying to connect to this service using 
| a kerberorized client, the server returned the following error 
| message:
|
| krb5_rd_req: Wrong principal in request while reading request
|
| I have verified my /etc/krb5.keytab has the correct entries.  I was 
| able to use 'kinit -k -t /etc/krb5.keytab -S <myserivce> <principal>' 
| to obtain a service ticket on that server host.  I have also updated 
| the /etc/hosts file to make sure the fully qualified host name is on 
| the first position.  My guess is some how the host lookup is 
| returning a different host name, but I am sure I am on a single home 
| machine.  My /etc/nsswitch.conf has the following entry on for hosts
|
| hosts:     nisplus dns [NOTFOUND=return] files
|
| I am not very good in system administration.  Any ideas?

Not really, but I agree that's a likely cause.  If you can look
(or get someone to look) in the syslog records for the KDC, you
should see the exact ticket the client gets, and that ought to be
helpful.  Or for that matter, you should have the ticket in your
credentials cache after you run the client, so try "klist".  In
either case, it may be helpful to clear the cache first.

	Donn Cave, donn at drizzle.com



More information about the Kerberos mailing list